PERFORCE change 219713 for review
Robert Watson
rwatson at FreeBSD.org
Sat Nov 10 00:32:27 UTC 2012
http://p4web.freebsd.org/@@219713?ac=10
Change 219713 by rwatson at rwatson_svr_ctsrd_mipsbuild on 2012/11/10 00:31:27
Perform CHERI sandbox checks just before Capsicum sandbox checks,
rather than earlier in system call handling -- specifically, after
system call arguments are copied in, and PC updates may have been
performed. Otherwise, we repeat the offending system call
indefinitely, spinning in and out of the kernel. With this change,
sandboxed userspace components are now blocked from making system
calls.
Affected files ...
.. //depot/projects/ctsrd/cheribsd/src/sys/kern/subr_syscall.c#6 edit
Differences ...
==== //depot/projects/ctsrd/cheribsd/src/sys/kern/subr_syscall.c#6 (text+ko) ====
@@ -77,16 +77,6 @@
} else
traced = 0;
-#ifdef CPU_CHERI
- /*
- * Constrain code that can originate system calls if userspace
- * sandboxing is available.
- */
- error = cheri_syscall_authorize(td);
- if (error)
- goto retval;
-#endif
-
error = (p->p_sysent->sv_fetch_syscall_args)(td, sa);
#ifdef KTRACE
if (KTRPOINT(td, KTR_SYSCALL))
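Review bot: removing the authorization call from before `sv_fetch_syscall_args` changes what a denied system call leaves behind: the early `goto retval` fired before the argument copy-in and before the `KTRPOINT(td, KTR_SYSCALL)` trace point, so the retval path ran with arguments still unfetched and ktrace never saw the attempt, which is consistent with the retry loop described in the change description. Now that the check runs later, a denied call from sandboxed code will already have its arguments fetched and will appear in ktrace output before being rejected; that is a useful audit property, and it would be worth stating in the change description so the visibility change is recorded rather than incidental.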
@@ -119,6 +109,16 @@
goto retval;
}
+#ifdef CPU_CHERI
+ /*
+ * Constrain code that can originate system calls if
+ * userspace sandboxing is available.
+ */
+ error = cheri_syscall_authorize(td);
+ if (error)
+ goto retval;
+#endif
+
#ifdef CAPABILITY_MODE
/*
* In capability mode, we only allow access to system calls
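Review bot: the new `#ifdef CPU_CHERI` block carries the same comment as the removed one, but nothing in the code records why it must sit here, after argument fetch and PC update and immediately before the `CAPABILITY_MODE` check; since the change description says placing it earlier causes the offending syscall to be re-executed indefinitely, the comment should capture that ordering constraint (for example, "must follow sv_fetch_syscall_args and any PC update, otherwise a denied call is retried forever") so a future reorder does not reintroduce the spin. Also note that both this block and the `CAPABILITY_MODE` block set `error` and `goto retval`, so with the CHERI check first a sandboxed component in capability mode will always report the CHERI denial; if that precedence is intended, a one-line comment saying so would help.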